On Wednesday, April 30, 2014 10:24:10 AM Markos Chandras wrote:
> On 04/24/2014 08:19 PM, Paul Moore wrote:
> > On Tuesday, April 22, 2014 03:40:36 PM Markos Chandras wrote:
> >> A MIPS64 kernel may support ELF files for all 3 MIPS ABIs
> >> (O32, N32, N64). Furthermore, the AUDIT_ARCH_MIPS{,EL}64 token
> >> does not provide enough information about the ABI for the 64-bit
> >> process. As a result of which, userland needs to use complex
> >> seccomp filters to decide whether a syscall belongs to the o32 or n32
> >> or n64 ABI. Therefore, a new arch token for MIPS64/n32 is added so it
> >> can be used by seccomp to explicitely set syscall filters for this ABI.
> >>
> >> Link: http://sourceforge.net/p/libseccomp/mailman/message/32239040/
> >> Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> >> Cc: Eric Paris <eparis@xxxxxxxxxx>
> >> Cc: Paul Moore <pmoore@xxxxxxxxxx>
> >> Cc: Ralf Baechle <ralf@xxxxxxxxxxxxxx>
> >> Signed-off-by: Markos Chandras <markos.chandras@xxxxxxxxxx>
> >> ---
> >> Ralf, can we please have this in 3.15 (Assuming it's ACK'd)?
> >>
> >> Thanks a lot!
> >> ---
> >>
> >> arch/mips/include/asm/syscall.h | 2 ++
> >> include/uapi/linux/audit.h | 12 ++++++++++++
> >> 2 files changed, 14 insertions(+)
> >
> > I'm far from qualified to ACK any MIPS specific patches, but I do want to
> > add my support for this patch. As Markos states above, without this
> > patch any seccomp BPF code will be more complex than necessary (see x32
> > for an idea) and projects that try to abstract away the arch/ABI specific
> > nature of the BPF seccomp filters will be have to do a lot more work.
> > Please merge this patch, or something similar, along with the MIPS BPF
> > seccomp filters in 3.15; waiting until 3.16 will be too late.
> >
> > I also don't want to speak for the audit folks (Eric?), but I think you'll
> > hear that this patch makes life much easier for them as well.
> >
> > Thanks,
> > -Paul
>
> Ralf ping? Can we please have this in 3.15 so userspace application get
> the updated token instead of using the AUDIT_ARCH_MIPS{,EL}64 for both
> n32 and n64? It may be harder to change it once 3.15 is released (ABI
> break).
I haven't heard anything on this patch and I don't see it in the tree this
morning. Can we please get this into the 3.15 release? If not, can you
please explain why so we have something to go on?
This will cause us a lot of pain in userspace if we don't get this patch
merged.
--
paul moore
security and virtualization @ redhat
